Selfhosted

For my travel devices, I use Tailscale to talk to the server. For raw internet, I use their funnel feature to expose the service over HTTPS. Then just have fail2ban watching the port to make sure no shenanigans or have the entire service offlined until I can check it.

SWAG reverse proxy with a custom domain+subdomain, protected by authentik and fail2ban. Easy access from anywhere once it's set up. No vpn required, just type in the short subdomain.domain.com and sign in (or the app keeps me signed in)

Nobody here with a tailscale funnel?? It's such a simple way to get https access from anywhere without being on the tailnet.

Sad that mTLS support is non existent because it solves this problem.

I'm using a cheap VPS that connects over Tailscale to my home server. The VPS runs Nginx Proxy Manager, has a firewall and the provider offers DDOS protection and that's it.

VPN or Tailscale

Synology worked for me. They have built in reverse proxy. As well as good documentation to install it on their machine. Just gotta configure your wifi router to port forward your device and bam you're ready to rock and roll

Unifi teleport. A zero configuration VPN to my home network.

Synology with Emby (do not use the connect service they offer) running behind my fortinet firewall. DDNS with my own domain name and ssl cert. Open 1 custom port (not 443) for it, and that's it. Geoblock every country but my own, which basically eliminated all random traffic that was hitting hit. I've been running it this way for 5 years now and have no issues to report.

Tailscale + Caddy (automatic certificates FTW).

Is putting it behind an Oauth2 proxy and running the server in a rootless container enough?

OpenVPN into my router

I'm using jf on unraid. I'm allowing remote https only access with Nginx Proxy Manager in a docker container.